async function cors(ctx, next){
  //allow cors
  const {request, response, db} = ctx;

  ctx.set('Access-Control-Allow-Methods', '*');
  ctx.set('Access-Control-Allow-Credentials', 'true');
  ctx.set('Access-Control-Allow-Headers', 'Content-Type');
  ctx.set('Access-Control-Allow-Origin', 'http://bundle.hanxiaoxin.cn');
  ctx.set("Access-Control-Expose-Headers", "*");

 if(request.method === 'OPTIONS') {
   response.body = 'allow';
   response.status = 200;
   return;
 }

 await next();
}

module.exports = cors;